Summary:
ZKSync recouped USD 5 million of tokens after the hacker returned the assets.
The hacker consented to a 10 percent bounty in return for returning 90 percent of the stolen tokens.
On April 15, 2025, contract code under a compromised admin key was exploited to mint 111 million ZK tokens from unclaimed airdrop reserves.
Within 72 hours of the attack—the platform’s designated “safe harbor” period—the tokens were securely recovered and governance now determines the next course of action.
Security safeguards such as transaction filtering at ZKSync blocked any further abuse of the compromised addresses.
ZKSync’s Rapid Response: A Uncommon Victory for Crypto security.
Spotlighted as one of Ethereum’s leading Layer 2 scaling solutions, ZKSync has resoundingly rebounded after a hacker took advantage of a vulnerability. On 15 April 2025, the platform suffered a breach when its admin key was compromised. In doing so, the perpetrator converted about 111 million ZK tokens—worth roughly $5 million—from the unclaimed airdrop reserves. Only three designated airdrop contracts were impacted, and the attack left both the core protocol systems and user funds completely unscathed.
A Brazen Deal with the Hacker
Following the breach, ZKSync extended a deal to the attacker on April 21, 2025, offering to accept 90% of the tokens back in return for keeping 10% as a reward. Unexpectedly, the hacker accepted, and within the 72-hour “safe-harbor” window, the Security Council received roughly 45 million ZK tokens together with close to 1,700 Ethereum.
Keeping All Users Safe
Notwithstanding the seriousness of the breach, ZKSync promptly safeguarded its users and the platform. Serving as the latest sequencer for ZKSync Era, Matter Labs implemented transaction filtering that shut off activity from the compromised addresses, ensuring the investigation would incur no further damage. It’s important to state that the centralized measures constitute a short-term fix and can be revised by governance whenever necessary.
The governance body presently holds the tokens, and deliberations will soon occur to chart the next course of action. This triumphant recovery stands as a rare exception within the crypto sector, where countless hacks still remain unaddressed.
Where Does ZKSync Go from Here?
With a forthcoming final investigation report on the horizon, ZKSync’s swift recovery of the stolen funds highlights the critical need for robust security measures in the swiftly evolving landscape of blockchain technology. Although a breach initiated the crisis, ZKSync’s response—revealing its dedication to protecting its users and preserving the integrity of its ecosystem—has emerged as a striking demonstration of that commitment.
In the official statement, the team stated, “The vulnerability affected only three targeted airdrop contracts.” User funds stayed unscathed, preserving the platform’s integrity.
Since governance currently holds the recovered tokens, it still remains uncertain which choices will be made concerning the assets’ future.